I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • onlinepersona@programming.dev
    202·
    15 hours ago

    Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.

    Anti Commercial-AI license

    • 0101100101@programming.devOPEnglish
      315·
      14 hours ago

      The messages are private and that’s what’s most important.

      No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.

        • frazorth@feddit.uk
          2·
          6 hours ago

          They are referring to message metadata.

          Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.

          https://signal.org/legal/

          For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.

          They store metadata, which is distinct from encrypted data.

          Are you saying sealed sender is a lie?

          https://signal.org/blog/sealed-sender/

          When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.

          They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.

          • Star@sopuli.xyz
            1·
            2 hours ago

            The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.

            You can see this for yourself at signal.org/bigbrother